The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

"Newer versions of ransomware seem to be targeting not just your storage of data on your documents, folders, and things like this, but also go after backups, data-baseed backups, and so on, either on the personal computers or on the network storage and other storage devices. It is important to have this, what we call, air gap between the network that is currently running and the database backup that needs to exist elsewhere."

"Newer versions of ransomware seem to be targeting not just your storage of data on your documents, folders, and things like this, but also go after backups, data-baseed backups, and so on, either on the personal computers or on the network storage and other storage devices. It is important to have this, what we call, air gap between the network that is currently running and the database backup that needs to exist elsewhere."

"There are many steps in the lifecycle that can be checked. But security operational folks, as I said at the beginning, do more at the end, which is too late because then it is costing so much time in terms of fixing any known vulnerabilities, or fixing anything that has been discovered late, because it’s going to go back to the sprint plan, depending on what type of application development method they were using."

"There are many steps in the lifecycle that can be checked. But security operational folks, as I said at the beginning, do more at the end, which is too late because then it is costing so much time in terms of fixing any known vulnerabilities, or fixing anything that has been discovered late, because it’s going to go back to the sprint plan, depending on what type of application development method they were using."

"You can talk about the function of software, but if you want to talk, say performance, you only can talk about that in the context of it running on some hardware. If you want to talk about safety you have to talk about how it distributed on the hardware, how good the hardware is, in addition to how good the software is, and how well it interacts with the physical environment. These interactions present the majority of problems in embedded software systems."

"You can talk about the function of software, but if you want to talk, say performance, you only can talk about that in the context of it running on some hardware. If you want to talk about safety you have to talk about how it distributed on the hardware, how good the hardware is, in addition to how good the software is, and how well it interacts with the physical environment. These interactions present the majority of problems in embedded software systems."

"A lot of the banking applications that we are using now are using one-time passwords that are only valid for a very distinct period of time. If you can mess with what the computer thinks the time is, then you might be able to set up a window of opportunity."

"A lot of the banking applications that we are using now are using one-time passwords that are only valid for a very distinct period of time. If you can mess with what the computer thinks the time is, then you might be able to set up a window of opportunity."

"One of the key features of the tactical cloudlets, like I said, is that they are discoverable. So a mobile device in the field is going to say, Are there any cloudlets around me? From a mobile-device perspective, I want to make sure that cloudlet is a friendly one. Is it a good cloudlet, right? And the other way around is also true. If I am a cloudlet and the mobile device says, I would like to connect to you, I need to know it is a good one."

"One of the key features of the tactical cloudlets, like I said, is that they are discoverable. So a mobile device in the field is going to say, Are there any cloudlets around me? From a mobile-device perspective, I want to make sure that cloudlet is a friendly one. Is it a good cloudlet, right? And the other way around is also true. If I am a cloudlet and the mobile device says, I would like to connect to you, I need to know it is a good one."